malwarewikiaorg-20200223-history
MacMag
MacMag is an early Mac OS virus from 1988. It was the first time that a virus had caused a major outbreak by infecting a software product. Payload If Macmag is run from the original dropper, NEWAPP.STK, or if a clean disk is placed in an infected system, it will drop an INIT resource named DR. If the disk is booted, the virus will become resident in the memory and infect any disks inserted into the system. The virus replicates until 1988.03.02. If the infected computer is booted on that date, it displays the message: "RICHARD BRANDOW, publisher of MacMag, and its entire staff would like to take this opportunity to convey their UNIVERSAL MESSAGE OF PEACE to all Macintosh users around the world." After that, it deletes itself. History Origin Richard Brandow, the publisher of the Montreal-based MacMag, claimed to have created the virus, though the virus contains the name "Drew" in its code. Drew Davidson of Tucson, Arizona, USA is also said to have created the virus. It is uncertain whether Davidson collaborated with Brandow on the virus, or Davidson created the virus entirely himself and passed it on to Brandow. The release date of the virus is also uncertain. The virus was first known to be wild when it was downloaded from the Hypercard programming forum on 1988.02.06, but Brandow claims that some computers at MacMag magazine were deliberately infected to "seed" the virus infection in December of 1987. In addition, Brandow claimed that he had been thinking of the message for two years prior to it becoming wild. Becoming Wild The virus was first discovered wild on a Compuserve forum for the Hypercard programming language in 1988.02.06 as a Hypercard stack file named NEWAPP.STK. It was on the forum for at least twenty-four hours before it was discovered. The forum warned users about a file that was found to have been infected with a virus. The moderator of the forum at first downplayed this warning, believing that since Hypercard stacks were not binary programs, they could pose no danger. He later went back on that after reading the warning and a user's story, even issuing an apology. MacMag magazine publisher Richard Brandow was very willing to claim authorship of the virus. The Compuserve moderator called up Brandow and asked him a bunch of questions such as "Why do you think the virus spread so fast?" to which Brandow replied: "People copy software and computer disks frequently. If there wasn't such rampant piracy in the computing world, perhaps the virus would of not spread so quickly". Brandow was also asked what he thought about death threats and American citizens that wanted to take their guns and shoot him for creating the virus to which Brandow replied "If people in the U.S. want to shoot me for spreading a message of peace, then perhaps there are too many guns in the US in the hands of crazy people". The questions and answers were then mixed up and printed completely out of context so as to not make any sense whatsoever. Whether this was poor journalism or an attempt by the Compuserve moderator to purposely paint Brandow in a bad light, is still unknown. Brandow gave several interviews to the Canadian press about the origins of the virus. 2 years prior to it's release, he came up with the idea of having computers connect and spread data between them. This was a decade before the internet became popular and so it would be distributed by floppy disc. At first they thought they would sell "the message" to an ad agency or a corporate sponsor but Brandow had second thoughts and wanted the message to be a positive one. Because it was being developed at a time of reform in the Soviet Union and shortly after the fall of the Berlin Wall, they settled on a message of Peace. Brandow contacted his friend Drew Davidson and asked him to program the code for him. The virus was then installed on 2 computers at MagMag months before it's release into the wild. because Brandow had insisted on taking full responsibility for the virus, his name was put on the screen when the code activated. The result in publicity for MagMag was almost immediate: circulation grew exponentially. The publicity impact was such that the Canadian magazine began being distributed in the U.S., mostly in California. the following year, MacMag had a booth at the San Francisco MacWorld Expo. Brandow went on to do television work first as a screenwriter and then as a series director and producer. Effects One outbreak of the virus began when the president of MacroMind Inc. (later merged with another company to form Macromedia), Marc Canter, received a copy of the Mr. Potato Head game infected with the virus while visiting Canada. He claimed he used the game disk only once, but still managed to get other disks he used infected. These disks included a training program that was sent to the Aldus corporation. There, the virus infected disks of the program Aldus Freehand (now Macromedia Freehand) a popular vector graphics program. A large number of these disks were sold, causing a major outbreak of the virus. The disks had to be recalled. Other clients of Marc Canter included Apple, Lotus, Microsoft and Ashton-Tate. The Apple and Lotus corporations could not be reached for comment at first, but later determined that none of their software was infected. The other company, Ashton-Tate declined to comment. Name Macmag is named for the magazine from whose offices it originated. It has also been called Aldus, Brandow, Drew and Peace. Other Facts The payload trigger date of 1988 March 2nd is also the first anniversary of the release of the Macintosh II. Oddly enough, the virus contains a bug that will cause the Macintosh II (and only this version) to crash when it is booted. Sources Robert Slade. Computer Knowledge, Chapter 8 - MacMag virus. Dave Platt, Dave Curry. The Risks Digest, "MacMag virus infects commercial software" and "More on the Brandow virus ANOTHER VERSION". 1988.03.15-16 The Text Files, SUBSCRIBER, SYSOP BLOCK POSSIBLE "VIRUS" IN APPLE HYPERCARD FORUM. Ronald Grinke. University of Hamburg, Virus Test Center, MacMag Virus. 1991.12.17 Symantec Security Response, MacMag. John Markoff. The New York Times, A 'Virus' Gives Business a Chill. 1988.03.17 Philip Elmer-DeWitt. Time Magazine, Invasion of the Data Snatchers, pp.62-67. 1988.09.26 Category:First Category:MacOS Category:Virus Category:MacOS virus Category:Boot sector virus Category:Virus from 1980s